CVE-2023-33466

Jan 12, 2025

Published Date: 2023-06-29T15:15:09.483
Last Modified: 2024-11-26T19:15:20.670

CVSS Score: 8.8 (HIGH)

EPSS Score: 0.77%

Risk Score: 6.16 (HIGH)

Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.


Description: Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).

MITRE ATT&CK Techniques v15.1

T1053.002 – At

Technical Analysis & Mitigation Measures

1. Technical Attack Analysis:

Vulnerability Description:
CVE-2023-33466 is a critical vulnerability found in Orthanc before version 1.12.0. It allows authenticated users to overwrite arbitrary files on the file system via the Orthanc API. In certain deployment configurations, this can lead to the overwriting of configuration files, which opens the door to Remote Code Execution (RCE).

Attack Techniques:
– T1053.002 – Scheduled Task/Job: At (job scheduling on Linux or Windows):
– After gaining write access to the file system through the arbitrary file overwrite, attackers can schedule jobs or tasks that execute malicious payloads.
– By modifying configuration files, an attacker can set up persistent backdoors or scheduled tasks that execute unauthorized code at specific intervals or on specific events.

Potential Impacts:
– Remote Code Execution: The most severe impact, allowing attackers to run arbitrary code on the server, potentially leading to full system compromise.
– Data Integrity Compromise: Manipulation of configuration files can disrupt application functionality, potentially leading to data loss or corruption.
– Privilege Escalation: If attackers can modify system files, they may escalate their privileges, gaining administrative control over the system.
– Service Disruption: Overwriting critical files may lead to denial of service, making the application unavailable to legitimate users.

2. Mitigation Measures:

– Strengthen Security Configurations:
– Upgrade Orthanc to version 1.12.0 or later, as the vulnerability affects versions before 1.12.0.
– Enable multi-factor authentication (MFA) for all users accessing the Orthanc API.
– Restrict permissions for API users to the minimum necessary for their roles to limit potential damage from compromised accounts.
– Apply the principle of least privilege for file access; ensure only authorized users can modify critical configuration files, and run the Orthanc service under an account that cannot write to its own configuration.

– Utilize Specific Tools or Security Software:
– Implement an intrusion detection system (IDS) to monitor API activity and detect anomalies.
– Use file integrity monitoring tools to alert administrators to unauthorized changes in the file system.
– Regularly update antivirus software to protect against known malware that could exploit vulnerabilities.

– Implement Monitoring and Reporting Practices:
– Enable detailed logging of API access and file modification events to track suspicious activities.
– Set up alerts for any unauthorized access attempts or changes to sensitive files or configurations.
– Regularly review logs for unusual patterns or signs of exploitation, such as repeated failed login attempts or unexpected file changes.
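The file integrity monitoring recommended above, shown as a minimal baseline-and-verify check. This is an added example written for this page, not code from the Orthanc project or from this site: it hashes a set of configuration files, stores the digests as a baseline, and later reports any file that is missing or whose content no longer matches. The demo uses a constructed temporary directory holding a made-up orthanc.json in place of the real configuration path, which is an assumption; in a deployment the baseline would be built from the actual Orthanc configuration files and stored somewhere the Orthanc service account cannot write.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(paths):
    """Map each monitored path to its current digest (the trusted state)."""
    return {str(p): sha256_file(p) for p in paths}


def check_baseline(baseline):
    """Compare monitored files against the baseline.

    Returns a list of (path, status) findings where status is
    'missing' or 'modified'; an empty list means everything matches.
    """
    findings = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
            continue
        if sha256_file(path) != expected:
            findings.append((path, "modified"))
    return findings


def demo():
    """Constructed scenario: baseline a config file, then overwrite it.

    The temporary directory stands in for the real Orthanc config
    directory (assumption); the JSON content is made up for the demo.
    """
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "orthanc.json"
        cfg.write_text(json.dumps({"Name": "demo", "RemoteAccessAllowed": False}))

        baseline = build_baseline([cfg])
        clean = check_baseline(baseline)  # expected: no findings

        # Simulate an unauthorized overwrite of the configuration.
        cfg.write_text(json.dumps({"Name": "demo", "RemoteAccessAllowed": True}))
        after = check_baseline(baseline)  # expected: one 'modified' finding
        return clean, after


if __name__ == "__main__":
    before, after = demo()
    print("before overwrite:", before)
    print("after overwrite:", after)
```

Run the baseline build once after a known-good deployment and schedule the check from a separate, privileged context; any 'modified' or 'missing' finding on a configuration file is the kind of event the alerting bullet above refers to.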

The content above is generated by AI. Please review and consider carefully before applying!

Reference Links

Vendor - Product - Version

orthanc-server - orthanc - *

Disclaimer

The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.